The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Wednesday, October 1, 2014

OWASP Foundation Global Connector

Featured OWASP Project

OWASP Cornucopia

OWASP Cornucopia is a mechanism in the form of a card game that helps software development teams identify security requirements in Agile, conventional and formal development processes. It is language, platform and technology agnostic. The idea behind Cornucopia is to help development teams, especially those using Agile methodologies, to identify application security requirements and develop security-based user stories.

For more information, please contact the Project Leader, Colin Watson.

Project Announcements

O-Saft Project Graduates to LAB status

The O-Saft Project, an exemplary OWASP project, has just graduated from incubator to LAB status. O-Saft is an easy-to-use tool that shows information about an SSL certificate and tests the SSL connection against a given list of ciphers and various SSL configurations. It is designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important information or the special checks with a simple call of the tool. However, it provides a wide range of options so that experienced users can run comprehensive and special checks. Read more about the O-Saft project on the project wiki page. If you have any questions about the project summit, please contact Jonathan Marcil.

Mantra OS: Dharma

The OWASP Mantra OS Project has just released its third version, Dharma. OWASP Mantra OS is a secure sandboxed operating system built for application testing and fast secure computing, built on an Ubuntu Core. Check out the Mantra OS project page HERE. The new version can be downloaded via Sourceforge.

OWASP iGoat 2.2 released

The OWASP iGoat project is a security learning tool for iOS developers to learn about security weaknesses in iOS -- by breaking things as well as fixing them. New in 2.2 is a certificate pinning exercise. Download Page

OWASP Reverse Engineering and Code Modification Prevention Project

Apple's release of the iPhone 6 featuring its support for Near Field Communications (NFC) and the release of Android 4.4's host-based card emulator reveal a growing trend towards allowing mobile code to do very sensitive things all within the mobile device.

There are very real risks in moving sensitive transactions to a mobile device. Within mobile environments, developers have no control over who can see their code or what the hacker can do with it.

The notion that you should not allow developers to do sensitive things (like financial transactions) in mobile environments just won't cut it anymore. Offline availability requirements and usability requirements are winning over traditional security principles. The good news is that there are ways of doing risky things in these types of uncontrollable environments. The OWASP Reverse Engineering and Code Modification Prevention project is one project that empowers software developers to think about new ways of safely doing sensitive things within mobile environments.

View the OWASP Projects Page to find other projects that address mobile security risks.

2014 Global Board of Directors Election

Candidate Interviews are available

Voting will begin October 13, 2014! Be sure to review the candidate information and interviews before then.

OWASP Winter Of Code Sprint Is Underway

The first selection stage of the Winter Code Sprint finished in September, and we are proud to announce that 10 new university students around the world will work on OWASP projects during this semester while earning university credits. The second and final selection stage is set for 15th October.